Description
atty potential unaligned read
(This bug is created from a dependabot alert - but for rustup it is not a security vuln today. There is a latent bug risk if we were to install a custom allocator, so this should get fixed).
`atty` is present in Cargo.lock via `clap`. We're currently on version 3 of clap, possibly v4 drops the dependency, or possibly the work needs to be done in `clap` first.
Open Opened June 30, 2023 22:43 on atty (Rust) · Cargo.lock
Package | Affected versions | Patched version |
---|---|---|
atty (Rust) | <= 0.2.14 | None |
On windows, atty dereferences a potentially unaligned pointer.
In practice however, the pointer won't be unaligned unless a custom global allocator is used.
In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment.
atty is Unmaintained
A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable.
Last release of atty was almost 3 years ago.
Possible Alternative(s)
The below list has not been vetted in any way and may or may not contain alternatives;
- [std::io::IsTerminal](https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - Stable since Rust 1.70.0
- [is-terminal](https://crates.io/crates/is-terminal) - Standalone crate supporting Rust older than 1.70.0
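
The alignment hazard the advisory describes, shown as an added example that is not part of the original issue and is not atty's code: a typed value is read out of a byte buffer whose start address is not guaranteed to meet the type's alignment, and `ptr::read_unaligned` is used so the read stays sound regardless of allocator. The `Header` and `Backing` types and the sample bytes are hypothetical, constructed for this illustration.

```rust
use std::mem::{align_of, size_of};
use std::ptr;

// Hypothetical length-prefixed record, standing in for an OS structure
// that a caller receives into a raw byte buffer.
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
struct Header {
    byte_len: u32,
}

// Hypothetical backing store with a known 8-byte alignment, so that
// offset 1 inside it is guaranteed to be misaligned for a u32.
#[repr(C, align(8))]
struct Backing([u8; 16]);

/// True when `p` meets the alignment `T` requires for `*p` or `&*p`.
fn is_aligned_for<T>(p: *const u8) -> bool {
    (p as usize) % align_of::<T>() == 0
}

/// Read a `Header` from the start of `buf` without assuming alignment.
fn read_header(buf: &[u8]) -> Option<Header> {
    if buf.len() < size_of::<Header>() {
        return None; // too short: refuse rather than read out of bounds
    }
    // SAFETY: the length was checked above, `Header` is plain data that is
    // valid for any bit pattern, and `read_unaligned` has no alignment
    // requirement. Writing `*(ptr as *const Header)` here instead would be
    // undefined behaviour whenever `buf` starts at a misaligned address.
    Some(unsafe { ptr::read_unaligned(buf.as_ptr().cast::<Header>()) })
}

/// Constructed sample: a header stored at a deliberately misaligned offset.
fn demo() -> (bool, Option<Header>) {
    let mut backing = Backing([0u8; 16]);
    backing.0[1..5].copy_from_slice(&42u32.to_ne_bytes());
    let view = &backing.0[1..];
    (is_aligned_for::<Header>(view.as_ptr()), read_header(view))
}

fn main() {
    let (aligned, header) = demo();
    println!("aligned for Header: {aligned}, value read: {header:?}");
}
```
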